Threat and Vulnerability Intelligence Database

CVE-2025-22222

Description: VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2025-22221

Description: VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.

CVSS: MEDIUM (5.2)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2025-22220

Description: VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to the Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2025-22219

Description: VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script (stored cross-site scripting) that may lead to arbitrary operations as an admin user.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2025-22218

Description: VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2025-21107

Description: Dell NetWorker versions prior to 19.11.0.3, and all versions of 19.10 and prior, contain an Unquoted Search Path or Element vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to code execution.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2025-0882

Description: A vulnerability was found in code-projects Chat System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/addnewmember.php. The manipulation of the argument user leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.17%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2025-0881

Description: A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2025-0880

Description: A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.14%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2025-0874

Description: A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Affected by this issue is some unknown functionality of the file /admin/approve.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.17%

Source: CVE
January 31st, 2025 (5 months ago)